Any business that takes card payments from residents of California will face strict new duties on the security of card data under proposals that are just a signature away from becoming law. A breach would trigger unprecedented reimbursement provisions.
Final amendments to the measure, called Assembly Bill No. 779, were approved …

$15 per incident?

This compares well to the estimated real cost to a UK bank of handling an overdraft -- abt. £5 according to news articles.

But sadly, this California law is just another tame poodle with its teeth extracted, mere window dressing.

Far better If the law imposed absolute liability on businesses for breaches of customer data confidentiality, and required them to pay, say, $10K per account per incident to each breachee, it would only take a few exemplary bankruptcies as a result for all businesses to start taking data security seriously.

To put the icing on the cake, the law should hold corporate managers and directors personally responsible for such liability. Business and businessmen are much like a mules: you have to hit them over the head with a 2×4 to get their attention.